
SSA Security System Analyzer USER MANUAL

Contents

1. Fixed a latency in function stop/reload. Fixed the PATH bug.

   Release 1.6
   • Adding more plug-ins
     o Update the existing OVAL XML Database Viewer
     o CVSS calculator
     o CVE Database Search
     o SD Alerts Watch Interface
   • Updater plug-in
     o Updating SSA software
     o Updating plug-ins
     o Updating XML definitions
   • Adding a new Report Manager
     o New report will be generated with CVE info, CVSS, MS patches
     o We will keep the OVAL-based report
     o Managing old reports
   • The ability to download updates via proxy servers (in progress)
   • The ability to run under a Linux environment (in progress, many bugs)
   • Complete the license agreement

   Release beta 2.0
   • The ability to scan remote computers (client feature)
   • Map users, policy, processes, patches installed, patches missed

   Release 3.0
   • This is a secret

   SSA Security System Analyzer, security-database.com

   SSA HACKS (FOR FUN, NOT FOR PROFIT)

   SSA hacks (these hacks will be added with the release Pre 2.0)
   • Force SSA.exe to start even if the XML definition is missing: clear the entry XMLDefFile in the config.ini file.
     Options OvalDefinitionsRepository version5.1 XMLDefFile

   Config.ini hacks (these hacks will be added with the free edition release Pre 2.0)
   • Edit config.ini.
   • You can change the download XML server.
   • You can bootstrap XML files, if you want to prevent them from being downloaded, using before each line. Example: Updater
2. 1
   Def1 oval.xml
   Def1_Size 8000
   Def4 microsoft.windows.xp.definitions.xml
   Def4_Size 2400
   Def5 windows.definitions.xml
   Def5_Size 5000

   Result: microsoft.windows.xp.definitions.xml will not be downloaded during the update process.

   License Agreement (Free Edition)

   Copy it, use it, distribute it, as long as these files belong to their owners:
   • OVAL interpreter version 5.2 build 11 (http://oval.mitre.org)
   • 7za file archiver from http://www.7-zip.org (original files are included in the SSA package). This software is copyright Igor Pavlov.
   • MD5 hash library MD5Lib.dll appears courtesy of Teddy from the AHK Project (http://www.autohotkey.net)
   • SSA.exe and Updater.exe are copyrighted by Security-Database.com
   • The Readme.txt file should be kept

   SSA new logo
   [Image: SSA new logo]
3. [Screenshot: SSA main window during a scan, showing the scanning status and the XML files scanned]

   Analyzing reports

   The report is generated by the OVAL interpreter. Click on Report and select View HTML Report.

   [Screenshot: SSA main window, Release 1.5 Free Edition, based on OVAL Interpreter version 5.1 build 14, with 1895 available OVAL XML files and the status "Read HTML Report for advanced information"]

   A sample report will look like this (the report is generated by the OVAL interpreter):

   [Screenshot: OVAL results report with the OVAL definition generator information, system information (Microsoft Windows XP Home Edition Service Pack 2, 5.1.2600, INTEL32; interface name, IP address, MAC address) and the OVAL definition results (True, False, Error, Unknown) for entries such as oval:org.mitre.oval:def:52 and oval:org.mitre.oval:def:1002]

   Updating the OVAL definitions files

   XML definitions are frequently updated by the OVAL community; we added
4. an updater plug-in to automatically download them. The update can be launched from the SSA program or by executing the Updater.exe plug-in. Here is a screenshot of the updater plug-in:

   [Screenshot: SSA XML Definitions Updater (Definition Updater 1.5.3 Free Edition), connected to http://oval.mitre.org/repository/download/datafiles, showing 2944 Ko of windows.definitions.xml downloaded, with Information, Configure and Close buttons]

   The Configure button will be activated for the next 1.6 release.

   These XML files are downloaded and installed:
   • oval xml files zip
   • oval.xml
   • microsoft.windows.2000.definitions.xml
   • microsoft.windows.server.2003.definitions.xml
   • microsoft.windows.xp.definitions.xml
   • windows.definitions.xml

   When the update process is finished, SSA will be restarted automatically.

   New Plug-ins

   With the new version of SSA, we have introduced plug-ins and add-ons. Here is a list of available and planned plug-ins:
   • OVAL XML Files Database Viewer (Available)
   • CVSS Calculator (Planned)
   • CVE Database Search (Planned)
   • Updater (Planned)
   • Advanced Report Generator (Planned)
   • Security Database Search Interface (Planned)

   Plug-in: OVAL XML Files Database Viewer

   The OVAL XML Files Database Viewer grabs information from the downloaded XML files. It could be helpful for:
   • Viewing only vulnerabilities and inventorie
5. exe
   06/12/2006  16:45    <REP>          utilities
   07/12/2006  14:35           206 501 Updater.exe
   06/12/2006  16:43    <REP>          version5.2

   Note: SSA_Vx.zip (x means the release or version number)

   GETTING STARTED

   Settings

   The SSA package comes with no XML definitions files. These files are vital for the OVAL interpreter. Hence SSA will ask you to update the definition database at the first start. Normally SSA will grab the necessary files from the oval.mitre.org server (see SSA Hacks if you want to change these parameters manually).

   WARNING: SSA comes with an original config.ini file. If it is modified manually without any knowledge of how SSA operates, this could lead to a malfunction (please refer to SSA hacks for tips and tricks to bypass some restrictions).

   The configuration menu item updates this file automatically. Any modification will be reported, stored and re-used for the next scan session.

   Front End
   • The menu links to these items:
     o Exit
     o Configuration
     o OVAL
     o Report: View HTML report, Delete HTML report
     o About: About, Update
   • The realtime console displays errors and logs
   • The bar indicates the progress status during the loading and scanning phases

   [Screenshot: SSA main window, "Analyzing Local Security Vulnerabilities", Release 1.5 Final Free Edition]
6. [Screenshot, continued: SSA main window, based on OVAL Interpreter version 5.2 build 8]

   Configuring

   Start SSA.exe and select the Configuration item.

   [Screenshot: OVAL Options Configuration dialog, SSA 1.5 Final Free Edition, OVAL Scanner Options: Repository (version5.2), Verify hash, "Parse here the File's Hash", Be verbose (print errors), Get MD5 from Oval site, Confirm, Cancel]

   Options are:
   • Repository (Required): The folder where the ovaldi.exe interpreter and all the files that come along with it are stored. If missing, SSA will not start.
   • OVAL Definition (Required): This is the definition file used by the OVAL interpreter. If missing, SSA will update it. See "Updating the OVAL definitions files" for more information.
   • XML Files (Optional): SSA has an embedded XML reader. It connects to each identified file and reads the information (CVE, platform). This option will be required for the coming release 2.0. SSA will rely on the XML file to generate a history report, useful for following the evolution of system vulnerabilities.
   • Verify Hash (Optional): Verify the file against its MD5 hash. SSA uses two methods for this purpose:
     o Calculating MD5 using the OVAL interpreter feature
     o Calculating MD5 using the MD5Lib.dll
     The local MD5 hash will be compared with the one available (copied and parsed manually) at oval.mitre.org.
7. SSA Security System Analyzer: An OVAL-Based Scanner

   USER MANUAL for SSA 1.5 and 1.5.1 (English)

   SSA Manual Version 1.2, last updated 7 Feb 2007
   2006-2007 Security Database

   Security Database: http://www.security-database.com
   General info: info@security-database.com
   SSA Team: ssa@security-database.com

   SSA Free Edition is copyright of Security Database (http://www.security-database.com).

   SSA Security System Scanner uses technology from the following entities or companies:
   • OVAL interpreter version 5.2 build 11 (http://oval.mitre.org)
   • 7za file archiver from http://www.7-zip.org (original files are included in the SSA package). This software is copyright Igor Pavlov.
   • MD5 hash library MD5Lib.dll appears courtesy of Teddy from the AHK Project (http://www.autohotkey.net)

   Table of Contents
   • INTRODUCTION
   • INSTALLING
   • System Requirements
   • Installation
8. Table of Contents (continued)
   • GETTING STARTED
   • Settings
   • Front End
   • Configuring
   • Scanning
   • Analyzing reports
   • Updating The Oval Definitions files
   • New Plug-ins
   • Roadmap And Evolution
   • SSA HACKS (FOR FUN, NOT FOR PROFIT)
   • SSA hacks (this hacks will be added with the release Pre 2.0)
   • Config.ini hacks (this hacks be added with the free edition release Pre 2.0)
   • License Agreement (Free Edition)
   • SSA new logo

   INTRODUCTION

   SSA (Security System Analyzer) is based upon the OVAL (Open Vulnerability and Assessment Language) concept. Here is the OVAL definition as it comes on the mitre.org website:

   "Open Vulnerability and Assessment Language (OVAL) is an international, information security, community standard to promote open and publicly
9. at will help you out to scan, detect and analyze vulnerabilities identified.
   • As we adopted the OVAL framework since its first releases, we decided to offer this free edition to the community.

   INSTALLING

   System Requirements
   • Windows 2000, Windows XP, Windows 2003 (Vista under test)
   • Internet Explorer 5.1 or higher, Firefox, Safari (needed to read the HTML report)

   Installation

   SSA software can be downloaded as a setup package or a zipped file.

   Setup.exe pack installation process
   • Double-click on SSA setup.exe to start the install process (in case of the setup pack).
   • Follow the instructions and set the directory you want SSA.exe to be installed into.
   • After the SSA installation, start ssa.exe. Some configuration needs to be done. See Getting Started for more explanation.

   Zipped pack installation process
   • Unzip ssa_vX.zip to DRIVE:\ or DRIVE:\Any_Directory.
   • After decompressing the file, start ssa.exe. See Getting Started for more explanation.

   After installing or unzipping, you should have these files in DRIVE:\SSA_FOLDER_WHERE_YOU_INSTALLED_IT:

   Verification

   05/12/2006  15:47    <REP>          .
   05/12/2006  15:47    <REP>          ..
   14/12/2006  16:45               511 config.ini
   06/12/2006  16:35    <REP>          logo
   06/12/2006  16:35    <REP>          oval xml files
   06/12/2006  16:36    <REP>          results
   07/09/2005  22:15           126 976 MD5Lib.dll
   06/12/2006  16:42           202 235 ssa
10. available security content, and to standardize the transfer of this information across the entire spectrum of security tools and services. OVAL includes a language used to encode system details, and an assortment of content repositories held throughout the community. The language standardizes the three main steps of the assessment process: representing configuration information of systems for testing; analyzing the system for the presence of the specified machine state (vulnerability, configuration, patch state, etc.); and reporting the results of this assessment."
    Source: oval.mitre.org. Check the FAQs for more information.

    Security-database.com recommends understanding the OVAL concept and procedures before going through installing and using Security Database's SSA.

    The SSA project has been initiated for some major reasons:
    • The OVAL framework is a ght and caer to map local vulnerabilities and discrepancies with CVE references bal he wares inventory during the security assessments and audits. This will lead administrators and security officers to set priorities during the patch management process.
    • The OVAL interpreter is a powerful command-line piece of software, but sometimes hard to maintain (copying results html, viewing logs, updating XML definitions, cleaning the process if it hangs).

    The idea behind SSA is to create a front end that makes that process easy to understand. SSA acts as an advanced GUI with some features th
11. [Screenshot, continued: remaining rows of the OVAL repository download table (file name, MD5 hash, size)]

    SSA will keep in the config.ini the XML definition with its related MD5 hash (not calculated, but pasted from the OVAL website). A bad hash returns this error:

    [Screenshot: error shown while checking the windows.definitions.xml MD5 hash: "Calculated MD5 Hash does not match. Verify the hashes posted at oval.mitre.org"]

    Scanning

    To perform a scan, just click on the Scan button. The scanning session will be performed using the parameters loaded and stored. You can interrupt the scanning process at any moment by exiting the program (Menu, Exit). When pressed, SSA will clean temporary files and kill the ovaldi.exe process.

    A bar indicates the scanning progress. When the scan is done, a report is generated and stored in the results folder. For this release, SSA relies on the original report provided by ovaldi. It is clean, well generated and useful. For our next release we will provide more in-depth information (users, patches missed, processes running, applications, binding protocols).

    [Screenshot: SSA main window, Release 1.5 Final Free Edition, with the menu Exit, Configuration, OVAL, Report, About; based on OVAL Interpreter version 5.2 build 8]
12. s of a specific OS
    • Searching the database by OVAL ID
    • Getting more information on entries by double-clicking on them. You will then get:
      o OVAL ID with the link to oval.mitre.org
      o CVE information with the link to our cross-linked SD Alerts Watch. This offers in-depth information: vulnerabilities, CVSS Base score, link to approp issed pami windows (see snapshots), references

    [Screenshot: OVAL XML Viewer plug-in version 1.0, database filtered by Windows 2000, showing OVAL ID oval:org.mitre.oval:def:3 (class: vulnerability; title: SMB Information Disclosure Vulnerability; platform: Microsoft Windows 2000; CVE-2006-1315)]

    When clicking on the CVE, you will be pointed to the Security-Database.com SD Alerts Watch service. Here is a snapshot of the CVE-2006-1315 information. You will notice that we cross-linked to the appropriate Microsof
13. [Screenshot: OVAL Repository download page (http://oval.mitre.org/repository/download/index.html) in Internet Explorer, showing the "Platform Data File Downloads" table with the columns File Name, MD5 Hash (checksum), Date and Size for each platform definitions file]
14. t MS bulletin.

    [Screenshot: SD Alerts Watch entry for CVE-2006-1315 (first publication 2006-07-11), with the related Microsoft alert, the Security Database scoring, and the title "Vulnerability in Server Service Could Allow Remot"]

    If we follow the Microsoft MS bulletin MS06-035 link:

    [Screenshot: Microsoft alert MS06-035, "Vulnerability in Server Service Could Allow Remote Code Execution (917159)", listing the CVE sources CVE-2006-1315 and CVE-2006-1314 with severity, CVSS base score, attack range, attack complexity and authentication]

    Roadmap and Evolution

    Release 1.5.1 (intermediate build)
    • Based on OVAL 5.2 build 11 (bugs fixed)
      o Corrected bug in EntityComparator::ParseVersionStr. Added error checking to the function to ensure that the input version strings are in a valid format.
      o Removed VC7 project from source distributions
    • Fixed bugs in the scan function
      o Handle exception: error while parsing a corrupted XML file (thanks to Drew Buttner from the OVAL project)
      o Handle exception: error while using an unsupported schema
